Bug Description

SRU Justification:
[Impact]
When connecting to MPA2/PEAP/MSCHAPv2 wifi networks which do not have a CA Certificate network manager may incorrectly mark the CA certificate as needing verification and fail that verification.

[Test Case]
Attempt to connect to a WPA2/PEAP/MSCHAPv2 network without CA_Certificate using Network Manager

[Regression Potential]
This has been fixed in Utopic already and it a backport of an upstream patch.

--

=== Release Notes Text ===

When connecting to MPA2/PEAP/MSCHAPv2 wifi networks which do not have a CA Certificate network manager may incorrectly mark the CA certificate as needing verification and fail that verification. See the bug for workarounds.

===

I can connect to Eduroam in 12.10 and any other previous release, but not in 13.04. I checked, my name and password are correct, all settings are the same as in 12.10.

I have the same problem. I can not connect to wifi network (WPA and WPA2 Enterprise PEAP, MSCHAPv2 +username/password)
The network manager doesn't accept my password. On last week, it worked well. (2013. 03.15.)

I've noticed this too happening with self-signed certificates in universities. The alternative is to edit the connection file in /etc/NetworkManager/system-connections to remove "system-ca-certs=true".

Hi Zsolt, This problem affects me, when i try to connect to my office network. We never used certificate authority. The wifi network allows the connection, when I use a specific hostname, and username/password. Ubuntu 12.10 is working well. On last week, the wifi connection was OK on ubuntu 13.04.

if it doesn't change, this could mean a serious move-away from ubuntu,
cause I instapped ubuntu to many of my friemds juat because they were
unaboe to connect to eduroam in windows! don't underestimate this, I would
mark this of a very high importanace, being a dev...
On Mar 19, 2013 2:02 PM, "hepaly" <email address hidden> wrote:

I'm marking this again as new, cause the definition of invalid says that it should be a support request which it is not, because canonical cannot provide support to solve it.

most people don't know what a CA certificate is, so you can't leave it this way, cause they will say, that ubuntu just cannot connect and they are moving back to windows... you have to consider what normal people will think about this.

I've tried all sorts of certificates in the last few days (searching on google people say to use different types of them) but I couldn't make this work. Moreover the Eduroam site says to leave the certificate field empty. I can connect with my telephone with no problems so I'm sure the problem is not related to my account. I'll check if it works with an older ubuntu version asap.

I have tries with different certificates (cause my school haven't issued
one) and it didn't work. currently there's no way for us to connect to
eduroam in 13.04.
On Mar 25, 2013 10:50 AM, "Alfredo Buttari" <email address hidden>
wrote:

upgrading is not good. try to fire up a usb image and try if it it can
connect in the live mode. the problem is probably with the upgrade. but
first try to connect to a hidden network.
On Apr 17, 2013 5:45 AM, "Ryan Yates" <email address hidden> wrote:

PEAP connection, MSCHAPv2, no certificate but with a username & password, I *cannot* connect to the network. Previous versions of Ubuntu work fine. Indeed, my credentials on another machine running 12.10 work just fine.

I can confirm this issue on a Lenovo T510, PEAP, MSCHAPv2, no cert. Switching to LEAP seems to hold fine. Removing system-ca-certs=true did not stabilize my connection at all. I am able to get connected, but drops every few minutes and sometimes will not connect at all.

Hey Guys, this problem is quite serious!! Excitement in the morning after the upgrade on home wifi then complete dissapointment after 2hrs+ attempting to patch it :(
Tried just about all that was posted here and was unsuccessful. eduroam and other enterprise wpa networks just don't work anymore. Please supply a quick fix...

this is the 1. ubuntu release I didn't install right after it came out.
guess why.

and by the way the workarond by Eduard Gotwig from comment #19 sadly
doesn't work here either. the line is always re-added. please explain us
better how u did it cause more people have reported here that it doesn't
work.

Same problem here. And 13.04 really is the first Ubuntu where this doesn't work. And sure it IS critical!
If this is not fixed, Ubuntu will prove useless for most education (students/profs) and business users. And the bug is still unassigned since January?! Come on!

I just can't believe that the swirl direction of the BFB icon was a more important bug than this one... In terms that it was promptly addressed, unlike this one.

I just wanted to say that comment #19 of removing "system-ca-certs=true" from /etc/NetworkManager/system-connections also worked for me. Actually, what I did was set the statement to false. When I re-started the connection, it worked on the next try.

I also did a sudo chmod -w NUwave after the first time it connected, so that should avoid the statement from reappearing since now the file is read-only. Given the connection name, I'm at Northeastern University, which uses WPA2/PEAP/MSCHAP as well.

Before I had tried this, I had attempted to use the certificate that Windows 7 associated with the same NUwave wireless connection, but I was still unsuccessful at authenticating even with that. The odd thing is that a few weeks back when I tested with an Ubuntu 13.04 Beta 2 USB stick it worked fine, but stopped working at some point, and I re-tested with the USB stick today and it still failed, so at that point I knew it wasn't anything package related and stumbled across this bug and solution which fixed it! :)

The workaround works for me, too. Even without making the file read-only. I connected at my faculty's library in the early afternoon today. But I still think this is a critical issue, that could turn people away from Ubuntu.

It's very interesting what vacalola said about the old unchanged live image working once, and then not... Yet, the fact remains that this works completely fine in both 12.04 and 12.10, and just in 13.04 not.

I give up... this has just got me switching to another Linux distro! Spent the whole week trying to rebuild my machine just cos of this issue... One year + of Ubuntu Love now to it's brother... Which I should state that wpa-enterprise works at time of writing that is!

You can install these DEBs on Ubuntu 14.04 too (since Linux Mint 17 is based on Ubuntu 14.04), then remove the connection and add it again; system-ca-certs will not appear then if you click ignore when you're asked to choose a certificate.

With Mint 17 I am able to connect to Eduroam out-of-the-box, I just have to choose PEAP as authentication method and enter my details.

Saucy will be EOL in about a month; unless somebody says otherwise, I think I'd rather spend the time to provide the fix in the other releases that are still supported -- people still on 13.10 should consider upgrading to 14.04 as soon as possible, which should generally be a good idea for all the other bug fixes that would come with it.

If it's really needed, I can provide packages in a PPA, but for now I'll just close the Saucy / 13.10 task as Won't Fix.

This bug still affects me with current updates.
I had to change /etc/NetworkManager/system-connections/network-ssid
the line system-ca-cert=true
to system-ca-cert=false
Then restart the network and it works.

Eduroam works for me with Ubuntu 14.04 as of today if I use the installer provided by Eduroam. Your institution should provide a link to this installer, which retrieves and stores the appropriate CA-certs and creates an entry for network-manager.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

The verification of the Stable Release Update for network-manager-applet has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

My apologies for the typo, I meant "without" - so the corrected version:

Downloaded latest gnome-network-manager update from repository on Ubuntu 14.04 64bit - I am now able to connect without a CA Certificate :-) - issue appears to be resolved on Ubuntu 14.04

Update:
I am being prompted for the WiFi password on the network without the CA Certificate every time I power on the computer, but once I enter the password it connects. This behavior only occurs on boot up; recovering from suspend has no issues.

I have installed Ubuntu 14.04 in my system recently on Oct 7th. I still have this problem to connect to my University network.

I have tried the work around mentioned in the thread to remove system-ca-cert=true from the my connection SSID. But, I could not even find that line. I even restarted the Network Manager several times.

That line is already deleted if you add the connection with the latest updates to NetworkManager installed.

If you're still having trouble, probably the wrong authentication type is set in the wifi security settings. Default is TTLS, but at least my university (Utrecht University, NL) needs PEAP here for its Eduroam network. The inner authentication is MSCHAPv2 but I think that was right by default.
Settings may be different at your university but I think it's certainly worth giving it a try.
When you are asked for the certificate, choose to ignore it (unless you know which one to specify).

Future questions about this are better asked on a forum instead. This is a closed bug.

As I said already, 14.10 has another problem.
Go to Network Settings or Network Connections, edit the Eduroam connection, and go to the WiFi Security tab.
Here set the authentication type to Protected EAP instead of the default Tunneled TLS which is wrong for eduroam, at least on my university.

It is unrelated to this bug so feel free to open a new bug for it, if you did not need to do this in past releases of Ubuntu.

@philipballew I'm not aware of another bug report, and don't have time to look for one at present. I'm a Linux Mint user myself; Cinnamon has its own issues with Eduroam. besides, there is no 14.10 based Linux Mint at present, so the 14.10 problems don't really affect me.
What I said in #186 was how a friend with Ubuntu on a Mac, got eduroam working.

since a few days I suddenly have issues again connecting to PEAP based wifi again.
Keep having a popup. Above options did not work.
Intel 7260 card.
not only that, but the ignore option still does not work in the GUI.

A few days ago, I couln't connect to my faculty's PAP network, either... I thought it was a problem on their side, as they tend to have them every so often. But now with Vincent's message... I don't know. It may be a new bug in NetworkManager?
I haven't been to my faculty with my laptop since then to see if the problem still persists... I'll probably be there again on Monday, so I can re-check.

I thought for me it was a password change, but I tested another laptop with Fedora and that just works.
So it seems like a bug in Ubuntu at least.
Not sure if it is the same, but I hope someone will pick this up and fix it.
This is another big risk for losing users.
Happy to test any fixed packages....

I was today at the faculty again, and I still couldn't connect to the network with my Ubuntu Vivid laptop, but my Android phone could. As this is only happening since very recently, it sounds like a bug in Ubuntu to me, too. And it is probably a regression, since this was working perfectly before, always on Vivid. I have recently got this laptop, and Vivid is the first, and still the only OS ever used on it.
Except that in my case, nothing ever pops up. It is just trying to connect forever. But if it is a new bug, we should open a new report.

Today I tried to delete that connection and set it up again. Still no dice, but now the issue looks exactly as Vincent describes it. :-D After some seconds of not being able to connect, a window pops up asking my username and password. Both Are correct, I multi-checked it, but it just won't connect.

I can't connect to my campus WiFi either on Ubuntu 14.04 I can connect on my iPhone, home, and coffee shop networks but not at school. My IT guy at school couldn't fix it and he runs Ubuntu. I don't want any workarounds or some Micky Mouse bullshit. I want a simple one click update that resolves the issue. I can't even add a printer at home and now this. I'm about to go back to windows if this isn't resolved with an update. I'm glad I decided not to donate any money to this company. I suppose my dad was right when he said despise the free lunch.

Ubuntu is a project mostly led by people in their free time.
While I agree that this is an annoying bug, your remarks are a bit blunt when it comes to respecting people's hard work.
How about you be happy with what IS working and try to contribute to a solution?
Feel free to code yourself, after all it is open source.
If you like to go back to a proprietary operating systems that has closed source drivers that crash and cannot be fixed it all, why not go for it?
If you don't like Ubuntu, try something else. I do not have the issue on Fedora.
Can't add a printer? Look in the fora, I never had any problem for the last 8 years with any printer and like with Windows some (most not) need a driver.

Last but not least, I agree with Steve that this issue should be fixed.
Can anyone suggest what we should to ?

I would suggest people having this bug to open new bug reports with as much details of their systems as they can provide. If the issue are really duplicates of this one, the new bug reports can be duplicated to this one later. I'm connecting with Eduroam networks with 3 different laptops (two with Ubuntu 14.04 and one with Ubuntu 15.10) with no issues, so I think people being hit by this bug are being affected by a combination of software and own hardware particularities.

As I said before, on my Toshiba laptop with Qualcomm Atheros WiFi and Ubuntu Vivid 64 it worked brilliantly at first (and still it does on a non-updated live media), but it stopped working, probably after who-knows what update, which is why I don't believe it is a hardware issue.
That said, I do agree with Walter, we should open a new bug report for this one. I would do it myself, but for now the only place where I can test this is my university, which, if everything goes well, I am finishing next week, when I'll be giving my MA thesis presentation. So, ATM I am kinda busy preparing for that, and once that's done, my access credentials for the uni network will soon be cancelled, and I won't be able to contribute any test reports. So I concluded it would be pretty useless for me to open it.

And then about Steve... :-D I have worked in hotels and restaurants, and I know very well what special extra spices some customers get, including those who "despise the free lunch". So go on, enjoy your expensive all-served meal. It certainly does have that something extra. ;-)

Have anyone found a functional workaround? Other than the one described above? I don't have the proper knowledge to implement the one above.
Are able to create files and edit with nano if told exactly where to do so.
Running Ubuntu Mate 15.04 - 3.18.0-25rpi2 - Mate 1.8.2 on a Raspberry Pi 2.